VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ClassDraftLikelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 11 of 55
  • CVE-2026-32082HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32068HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27926HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2026-27921HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.01

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26174HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.

  • CVE-2026-26173HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-25184HigApr 14, 2026
    risk 0.46cvss 7.0epss 0.00

    Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally.

  • CVE-2025-54601HigApr 6, 2026
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor amd Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a double free. An attacker can trigger a race…

  • CVE-2025-54602HigApr 6, 2026
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a use-after-free. An attacker can trigger a race…

  • CVE-2026-31827HigMar 10, 2026
    risk 0.46cvss epss 0.00

    Alienbin is an anonymous code and text sharing web service. In 1.0.0 and earlier, the /save endpoint in server.js drops and recreates the MongoDB TTL index on the entire post collection for every new paste submission. When User B submits a paste with a short TTL (e.g., 30…

  • CVE-2025-71221HigFeb 14, 2026
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() Add proper locking in mmp_pdma_residue() to prevent use-after-free when accessing descriptor list and descriptor contents. The race occurs when…

  • CVE-2026-20617HigFeb 11, 2026
    risk 0.46cvss 7.0epss 0.00

    A race condition was addressed with improved state handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to gain root privileges.

  • CVE-2025-12472HigNov 19, 2025
    risk 0.46cvss epss 0.00

    An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Looker-hosted and Self-hosted were found to be vulnerable. This issue has…

  • CVE-2025-43304HigSep 15, 2025
    risk 0.46cvss 7.0epss 0.00

    A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.

  • CVE-2025-39759HigSep 11, 2025
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix race between quota disable and quota rescan ioctl There's a race between a task disabling quotas and another running the rescan ioctl that can result in a use-after-free of qgroup records…

  • CVE-2025-54955HigAug 3, 2025
    risk 0.46cvss 8.1epss 0.00

    OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a…

  • CVE-2025-21947HigApr 1, 2025
    risk 0.46cvss 8.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix type confusion via race condition when using ipc_msg_send_request req->handle is allocated using ksmbd_acquire_id(&ipc_ida), based on ida_alloc. req->handle from ksmbd_ipc_login_request and…

  • CVE-2024-47534HigOct 1, 2024
    risk 0.46cvss epss 0.00

    go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if targets delegate to "A", and to "B", and "B" delegates to "C", then the client should trace the delegations in the order "A" then "B" then "C"…

  • CVE-2024-36899HigMay 30, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed…

  • CVE-2024-27020HigMay 1, 2024
    risk 0.46cvss 7.0epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() nft_unregister_expr() can concurrent with __nft_expr_type_get(), and there is not any protection when iterate over nf_tables_expressions…